Different guidelines for manual penetration testing of web applications (Web-sovellusten manuaalisen penetraatiotestauksen erilaiset ohjeet)

Penetration testing does not yet have an official standard, but many organisations have published their own guidelines for security testing. This bachelor's thesis compares the following three guides: Kali Linux Revealed published by Offensive Security, NIST Special Publication 800-115, and OSSTMM 3. ...

Bibliographic Details
Main Author: Valkeinen, Maiju
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Bachelor's thesis
Language: fin
Published: 2020
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/69074
description Penetration testing does not yet have an official standard, but many companies, offices and organisations have published their own guidelines for information security testing. In this bachelor's thesis three different manuals are compared: Kali Linux Revealed by Offensive Security, NIST Special Publication 800-115 and OSSTMM 3. The thesis examines how the testing methodologies presented by these manuals differ from one another and how well the manuals suit learning manual penetration testing of web applications. The result is that the testing methodologies of all three manuals are similar in execution, even though their terminology and progress charts differ, and the manuals differ in the skill level expected of their readers.
first_indexed 2020-05-19T20:08:44Z
format Kandityö
free_online_boolean 1
id jyx.123456789_69074
language fin
last_indexed 2025-02-18T10:54:23Z
main_date 2020-01-01T00:00:00Z
main_date_str 2020
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/ce790b42-39fb-4006-99b9-83e6cfa4e57a\/download","text":"URN:NBN:fi:jyu-202005193328.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2020
record_format qdc
source_str_mv jyx
topic Mathematical Information Technology (Tietotekniikka), 602, information security (tietoturva), testing (testaus), guidelines (ohjeet)
url https://jyx.jyu.fi/handle/123456789/69074 http://www.urn.fi/URN:NBN:fi:jyu-202005193328